Oracle delivers the latest Unbreakable Enterprise Kernel, Release 6 Update 3, for Oracle Linux

The Unbreakable Enterprise Kernel (UEK) for Oracle Linux provides the latest open source innovations, key optimizations, and security to cloud and on-premises workloads. As the most modern kernel, part of Enterprise Linux Distribution, UEK6 is the Linux kernel that powers Oracle Cloud, Oracle Engineered Systems, Oracle Linux on Intel/AMD as well as Arm platforms.

UEK R6, available for Oracle Linux 7 and Oracle Linux 8, does not disable any features that are enabled in the Red Hat Compatible Kernel. Additional features are enabled to provide support for key functional requirements and patches are applied to improve performance and optimize the kernel.

What’s New?

The Unbreakable Enterprise Kernel Release 6 Update 3 (UEK R6U3) for Oracle Linux is based on the mainline kernel version 5.4. By actively monitoring upstream check-ins and collaboration with partners and customers, Oracle continues to improve and apply critical bug and security fixes to UEK R6. This update includes several new features, added functionality, and bug fixes across a range of subsystems.

UEK R6U3 can be recognized with a release number starting with 5.4-17-2136 and is an update to the upstream mainline kernel v5.4.83. UEK R6U3 includes upstream LTS bug fixes, with additional patches to enhance existing functionality and provide some minor bug fixes and security improvements.

Notable changes:

• Wireguard Communication Protocol. WireGuard is fully supported. A technology preview feature since UEK R6U1, WireGuard replaces legacy IPsec and OpenVPN tunneling protocols. It is secure, easy-to-use, and faster.
• io_uring Asynchronous I/O Framework. io_uring is a Linux kernel interface that provides submission and completion queue rings, which are then shared between the kernel and user space to avoid copies.
• Enhanced Nested Virtualization on the AMD Platform. Capability for nested virtualization on the AMD 64-bit (x86_64) platform is enhanced through the implementation of an extensive number of stability fixes.
• NVMe Target Passthru. This new feature enables you to export an entire NVMe controller through the NVM Express over Fabrics (NVMe-oF) specification.
• Secure Boot Enhancements. Secure Boot has been modified to additionally check the platform keyring, which includes the Machine Owner Key (MOK) list. This enhancement enables third-party and custom key signed modules to be loaded whenever Secure Boot is enabled.

• oracleasm Kernel Module Deprecated. Note that although the module continues to be supported in UEK R6U3, it may be removed in a future UEK release.

• DRBD Kernel Module Deprecated. The DRBD kernel module was introduced as a technology preview in previous UEK releases and continues to be enabled in UEK R6. However, this module and the drbd-utils package may be removed in a future UEK release.

• Drivers

  • Broadcom BCM573xx network driver. BCM573xx network driver, bnxt_en, is updated to version 1.10.2. A large number of upstream and vendor supplied patches are included to resolve various bugs and to provide newer features and updates. Notably, PTP functionality is enabled and several improvements for RoCE have been included.

  • Cisco FCoE HBA driver. The Cisco FCoE HBA driver, fnic, is updated to version 1.6.0.53. Several upstream patches are included to resolve various bugs.

  • Intel Ethernet Connection E800 Series Linux driver. The Intel Ethernet Connection E800 Series Linux driver, ice, continues to report as version 0.8.2-k in this release, but includes a large number of vendor supplied patches. This driver is tested against the latest 25 GbE and 100GbE E810 network interface cards.

  • Broadcom Emulex LightPulse Fibre Channel SCSI driver.

    • The Broadcom Emulex LightPulse Fibre Channel SCSI driver, lpfc, is updated to version 12.8.0.10, with vendor supplied patches and bug fixes.

    • Several patch updates were additionally applied to the NVMe Fibre Channel transport driver, nvme-fc, for improved functionality and to resolve issues identified by the vendor.

  • Microsoft Azure Network Adapter driver. The Microsoft Azure Network Adapter driver, mana, is included in this release. Upstream and vendor supplied patches are included and the driver is intended for use on Oracle Linux 8.

  • MPI3 Storage Controller device driver. The MPI3 Storage Controller device driver, mpi3mr, is version 00.255.45.01. Upstream and vendor supplied patches are included and the driver is intended to support the next generation of 96XX HBA and RAID controller devices from Broadcom.

  • QLogic FastLinQ 4xxxx

    • Core module. The qed driver is updated to version 8.37.0.20 and includes many additional vendor supplied patches, including patches for version 8.42.2.0 firmware.

    • Ethernet driver. The qede driver is updated to version 8.37.0.20 and includes additional vendor supplied patches.

    • FCoE module. The qedf driver is updated to version 8.42.3.0 and includes vendor supplied patches to update this driver in line with upstream changes.

    • iSCSI module. The qedi driver is updated to version 8.37.0.20 and includes vendor supplied patches to update this driver in line with upstream changes.

  • QLogic Fibre Channel HBA driver. The qla2xxx driver is updated to version 10.02.00.106-k and includes several vendor supplied patches.

  • Microsemi Smart Family Controller driver. The smartpqi driver is updated to version 2.1.8-045 and includes several upstream patches. [BugDB ID: 32983221]

• Enhanced Tech-Preview features

  • Core scheduling is a feature enabled in the kernel to limit trusted tasks to run concurrently on CPU cores that share compute resources, to help mitigate against certain categories of ‘core shared cache’ processor bugs that could cause data leakage and other related vulnerabilities. Core scheduling, introduced with UEK R6U1, is still under active development.

  • NFS v4.2 Server Side Copy functionality is back-ported from the upstream kernel and provides mechanisms that allow an NFS client to copy file data on a server or between two servers without the data being transmitted back and forth over the network through the NFS client. Introduced with UEK R6U1, several improvements are part of this release.

For details on these and other new features and changes, please consult the Release Notes for the UEK R6 Update 3.

Security (CVE) Fixes

A full list of CVEs fixed in this release can be found in the Release Notes for the UEK R6U3.

Compatibility

UEK R6 Update 3 is fully compatible with the UEK R6 GA release. The kernel ABI for UEK R6 remains unchanged in all subsequent updates to the initial release.

Oracle Linux downloads

Individual RPM packages are available on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images are available from the Oracle Linux yum server and Oracle Software Delivery Cloud and container images are available via Oracle Container Registry, GitHub Container Registry and Docker Hub.

Oracle Linux can be downloaded, used, and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription. This makes Oracle Linux an ideal choice for development, testing, and production systems, since support coverage can be optimized for each individual system, while keeping all systems up to date and secure.

Resources

• Oracle.com/linux

• Download Oracle Linux

• Try Oracle Cloud Free Tier

• Oracle Linux product documentation

• Oracle Linux Premier Support